However, the introduction of RC2a also introduced several security vulnerabilities that allowed hackers to gain access to your website via the following two files:

/admin/file_manager.php

/admin/define_languages.php

/admin/login.php

as well as several other security holes. There is a complete listing HERE of all security issues for RC2a on the osCommerce Forum as well as additional information HERE specifically discussing the security of the Admin Area.

osCommerce v2.2 RC2a can still be downloaded HERE (direct download link) for those who need original files and/or plan to use this version to create an online store. This download is UN-PATCHED so the above links should be used to update it once you have it installed.